Skip to main content

cPHulk not completely working

Comments

2 comments

  • rpvw
    Do check to see where the GeoIP is listed. CPHulk often reports a location that differs from the location that eg CSF reports (MaxMind), so that CPHulk reports that an IP that you think is coming from a certain country that you have blacklisted, is coming from somewhere else. Example: 89.248.167.XXX (Multiple failed login attempts to an email account) CPHulk thinks this is from the Netherlands CSF/LFD thinks it is from the Seychelles The consensus seems to be that it is from the Seychelles Geolocation data from IP2Location (Product: DB6, updated on 2018-8-1) - Seychelles Geolocation data from ipinfo.io (Product: API, real-time) - Seychelles Geolocation data from EurekAPI (Product: API, real-time) - Seychelles Geolocation data from MaxMind (Product: GeoLiteCity, updated on 2018-5-27) - Seychelles Geolocation data from DB-IP (Product: Full, 2018-8-2) - Netherlands So you can see, if I had blacklisted the Seychelles in CPHulk, the IP would have been allowed to attempt the login; because CPHulk thinks it was from the Netherlands. I have asked several times in other threads for information as to what list CPHulk uses, and how often it is updated, but I have never received an answer :(
    0
  • cPanelMichael
    I had to manually add the block into the Host Access filter instead. Any ideas why some login attempts are still getting through?

    Hello @Psy14, cPHulk will not actually block those IP addresses at the firewall level. Instead, it's designed to ensure authentication is denied on the authentication itself. You'll still see the login attempt itself in the corresponding service log file unless you block the IP addresses using a firewall rule or the host access rules. Thank you.
    0

Please sign in to leave a comment.